1. DATA CONTROLLER
2. PERSONAL DATA CATEGORIES
The general data protection regulations define the term "personal data" as follows: "Any information relating to an identified or identifiable natural person" (hereinafter referred to as "data subject").
An "identifiable natural person" is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more elements specific to the person's physical, physiological, genetic, psychological, economic, cultural or social identity.
In the course of their activities, Dyma group companies may collect personal data relating to their customers, suppliers, subcontractors (and any subcontractors they may have), prospects, companies/persons forming part of their professional network and, in each case, their principals, staff, employees, agents and any other relevant contact persons.
Such personal data may include personal data, such as marital status, first and last names, telephone numbers, addresses or registered offices, e-mail addresses,..., as well as any information that the individual may provide voluntarily.
3. HOW DATA ARE COLLECTED AND STORED
Personal data are collected as follows:
- By encoding data provided by data subjects in the forms on the website https://www.dymagroup.com;
- By sending data provided by data subjects when placing an order (by internet, by e-mail or by post).
The data communicated via the website https://www.dymagroup.com are stored on the server of the hosting company "PHPNET.ORG", in France.
Data communicated otherwise than via the website is stored on the local secure server (back up) of Dyma group companies, accessible only to the staff and persons authorised by Dyma group companies, as well as to the staff of the IT maintenance company, by means of a secret password, via secure ERP.
4. PURPOSES OF THE PROCESSING
These data are collected by Dyma group companies in order to enable them to carry out their activities and provide the services entrusted to them by the contract/agreement concluded with the customer. They are also collected to ensure the management of their customers, the preparation of invoices and their collection, and legal, accounting and regulatory obligations. Subject to the consent of the persons concerned, they make it possible to send promotional material, offers, new products, price changes, closures or seasonal greetings via newsletters.
5. LEGAL BASIS FOR THE PROCESSING
The legal bases for the processing operations are the performance of a contract, the consent of the data subject (if applicable) and compliance with legal/regulatory obligations and/or the legitimate interest of Dyma group companies.
6. RECIPIENTS OF PERSONAL DATA
Dyma group companies will store and process the data collected themselves in order to enable them to achieve the purposes of the processing.
However, for these purposes, it is possible that personal data may be disclosed to public authorities, accountants, auditors, lawyers, accountants, collection companies, IT service providers, subcontractors or companies collaborating with Dyma Group companies.
These entities may be located outside the European Economic Area ("EEA"). However, in this case, personal data will be transmitted only to third countries that have an appropriate level of protection.
If necessary, personal data may also be transferred to other third parties in the context of, for example, a reorganisation of Dyma Group companies, in the event of a transfer of business, liquidation or bankruptcy, due to an injunction or in order to fulfil a specific legal obligation.
However, Dyma group companies will ensure that these persons/companies/entities have the most limited possible access to these personal data and will only process them on a strictly necessary basis.
7. DURATION OF THE PROCESSING
Dyma group companies keep the personal data entrusted to them for the duration necessary for the purpose of processing.
In determining the appropriate period of time, account will be taken of the nature and sensitivity of the personal data and the purposes for which they are processed. Account is also taken of the need to comply with their legal and regulatory obligations.
8. SECURITY MEASURES
Dyma Group companies have established appropriate technical and organisational security measures to prevent the destruction, loss, falsification, modification, unauthorised access by third parties or erroneous notification to third parties of the personal data collected, as well as any unauthorised processing of such data
Thus, Dyma group companies have, among other things, provided for the following:
- Use of secure passwords for its employees and managers;
- Inclusion in contracts and employment regulations of clauses providing for data confidentiality;
- Regular updating of PCs with up-to-date security patches and antivirus software;
- Regular backups of important data.
9. RIGHTS OF DATA SUBJECTS
9.1 Right of access, modification, deletion and limitation
You have the right to ask Dyma Group companies to access your data and request their correction.
In accordance with the legal conditions and provided for in the DGMP, you may also request their removal or limitation.
You acknowledge that in the event of a refusal to disclose or a request to delete personal data, Dyma Group companies may not be able to provide certain services.
9.2 Right to object
You have the right to object to the processing of your personal data if you have compelling and legitimate reasons for doing so.
In addition, you have the right to object to the use of personal data for direct marketing purposes. If so, you do not even have to give a reason.
9.3 Right of free transfer of data
You have the right to receive the personal data you have provided to Dyma Group companies in a structured, commonly used and machine-readable format and to pass on this data to other data controllers.
9.4 Right to withdraw consent
Provided that the processing is based on your prior consent, you have the right to withdraw this consent.
9.5 Exercising your rights
You can exercise your rights by contacting Dyma Group companies for this purpose by e-mail at the address "email@example.com" or by post at the address "Route de Lullange/Lëllger Wee 8 at 9780 WINCRANGE, LUXEMBOURG", with the addition of a copy of the front and back of your identity card.
9.6 Automated decisions and profiling
The processing of your personal data does not include any profiling and will not be the subject of automated decisions by Dyma Group companies.
9.7 Right to lodge a complaint
You have the right to file a complaint with the National Data Protection Commission, without prejudice to any appeal to a civil court:
Commission nationale la protection des données
Service des réclamations
1, avenue du Rock’n’Roll
Tel.: (+352) 26 10 60 -1
Fax.: (+352) 26 10 60 - 29
Latest update: 29/03/2019